Threat Essentials Blog

Egregor Arrests: More Leaks Likely?

Hackers from the Egregor gang were recently arrested in a joint French-Ukrainian law enforcement operation (Feb 2021). 

Egregor is a very active group and allegedly responsible for numerous data breaches since September 2020. Despite the arrests, that is not the end of the story.  Organisations and individuals are still likely to be impacted as the data Egregor held may yet be released by other threat actors.  

We would always recommend monitoring secondary data exposure and distribution to minimise the impact, which is likely to be exposed on the dark web and in group chats. It's common to see secondary posting behaviour like this in newer Cyber adversaries on a reputation-building exercise. They are likely to do so by posting the Egregor leaks - or subsets they have found elsewhere to make it look like a new leak, often under a generic title. 

There are precedents for this behaviour.  Earlier this year, the prolific hacking gang, ShinyHunters, leaked the data of 2.28 million dating site users, including real names, Facebook account tokens, email addresses, and geolocation information. Along with data from other attacks attributed to this group, stolen personal information started appearing in dark web forums. These were posted by individuals who are not members of ShinyHunters but claiming to be the source of these leaks - a practice frowned upon by forum administrators. At Threat Essentials, we have seen long lists of users on the dark web who have been banned previously for such misrepresentation.  

What we recommend?

In addition to existing defence, in-depth security controls, proactively track, trace and monitor data leaks in your sector for preemptive action. 

To find out more about how Threat Essentials can support your cyber defence, talk to a Threat Essentials analyst at 


Cybersecurity: “Egregor” hackers, behind the attack on Ouest-France, arrested in Ukraine
Hacker leaks data of 2.28 million dating site users
Suspected Egregor Ransomware Affiliates Busted in Ukraine